This Week in Technology

Hackers steal card data from 201 online campus stores from Canada and the US

A group of hackers has planted malicious JavaScript code that steals payment card details inside the e-commerce system used by colleges and universities in Canada and the US. The malicious code was found on 201 online stores that were catering to 176 colleges and universities in the US and 21 in Canada.

The malware has new capabilities, allowing it to spread through a network and shut down other cryptominers on infected computers, allowing the malware to free up more processing power for its own cryptomining operation.

Despite improvements in combating cybercrime and threats, IT security professionals still struggle to fully secure their organizations and protect against breaches, with 61% claiming to have experienced a data breach at their current employer. Adding to this challenge, data breaches are becoming more serious as cybercriminals continue to target intellectual property, putting the reputation of the company brand at risk and increasing financial liability.

Flying Under The Radar: The Biggest Malware Threats Hiding In Plain Sight

Fileless malware attacks are proving to be particularly useful against businesses because the majority of outdated enterprise security solutions are designed to detect file-based malware that resided on the disk, not in memory. Small to midsize businesses (SMBs) have become particularly vulnerable since some lack adequate security and IT staff to understand and protect against these threats.

Some users who fell victim to this hacker have admitted to using weak passwords for their GitHub, GitLab, and Bitbucket accounts, and forgetting to remove access tokens for old apps they haven't used for months --both of which are very common ways in which online accounts usually get compromised.

The ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions --in a tactic that is known as "big-game hunting." MegaCortex now joins an ever-growing list of ransomware strains that cyber-criminal groups are using only in targeted attacks, rather than with spam or other mass deployment techniques.

As a centralized management and analytics tool, Citrix SD-WAN Orchestrator is architected for all deployment sizes, including large-scale SD-WAN rollouts, giving you the agility you need to quickly deliver new services to your users. In addition, integrated security means that you don’t have to worry about additional complexity.

Nutanix Mine is a turnkey solution that integrates secondary storage operations with the Nutanix Enterprise Cloud Platform. The new solution allows customers to manage their hyper-converged infrastructure (HCI) environment and backup operations from a single management console while helping to cut down the cost and complexity of standalone systems dedicated to backup and recovering data.

Like many ransomware campaigns, Dharma attacks start off with phishing emails. The messages claim to be from Microsoft and that the victim's Windows PC is 'at risk' and 'corrupted' following 'unusual behaviour', urging the user to 'update and verify' their anti-virus by accessing a download link. If the user follows through, the ransomware retrieves two downloads: the Dharma ransomware payload and an old version of anti-virus software from cyber security company ESET.

Google recently announced that it has expanded its offering of NVIDIA’s latest GPU, the Turing-based T4, for global availability on the Google Cloud. This is due to the wide range of applications that can use the T4 (all AI frameworks, all deep learning models, Machine Learning algorithms, training, inference, 3D graphics, and more). The T4 is a real workhorse product at an attractive price point—as low as $0.29 per hour per GPU on GCP.

EyeDisk's contents are unlocked when the authenticator element of the device passes a password along to the controlling software. The researcher chose to use Wireshark, an open-source packet analyzer, to see if he could sniff out the contents. (The latest versions of Wireshark support USBPcap for sniffing USB packets in real-time.) It wasn't long before it became apparent that the so-called "unhackable" device unlocks by sending these passwords in clear text.